On Tue, March 20, 2007 3:40 am, Patrick Ale wrote: > I see a lot of /8398743dhdshjsd/nonexistentfile.php requests in my > Apache log, returned with 404 since the file doesn't exist. > > What are people trying to do? Do they try to trigger a bug in php or > are they looking for some misconfigured forum? Could be searching for targets of XSS att via: <form action="<?php echo $_SERVER['PHP_SELF']?>" ... Use: <form action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" ... Or just hard-code the dang thing, if you never move your forms. :-v -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
